OK, the verification part of the code was directly from the book's example. Are you saying that checks of that type should be done while input is being read? Perhaps it would make sense to read in the variables and repeat them to the operator for final verification before committing to the append operation?

And is the example you gave the preferred way to code the prepare/execute statements, i.e. using VALUES(?,?,?,?,?) in the prepare statement, then passing in the real values in the execute statement?

Quote

OK, the verification part of the code was directly from the book's example. Are you saying that checks of that type should be done while input is being read? Perhaps it would make sense to read in the variables and repeat them to the operator for final verification before committing to the append operation?

The retrieval of the user input should be done in a loop, such that when you read in the value, you apply whatever validation is required, and if that validation fails, you ask them to re-enter the data.

Quote

And is the example you gave the preferred way to code the prepare/execute statements, i.e. using VALUES(?,?,?,?,?) in the prepare statement, then passing in the real values in the execute statement?

That is the preferred method because it handles the quoting of SQL special characters that may be in the vars, such as single quotes, and it helps to reduce SQL injection. It's also an efficiency advantage when you're doing inserts within a loop, such as when importing data from a CSV file. You only need to prepare the statement once outside of the loop and do the execute statement in the loop.
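Added example, not code from the thread or the book it mentions: the validate-then-bind pattern discussed above, applied to a CSV import with five `?` placeholders. The thread does not show its language or schema, so Python's `sqlite3`, the `contacts` table, the validation rules and the sample rows are all assumptions made for illustration.

```python
import csv, io, re, sqlite3

# Constructed sample data: five columns, matching the five placeholders in the thread.
SAMPLE_CSV = """name,street,city,state,zip
Pat O'Brien,12 Main St,Springfield,IL,62701
"x'); DROP TABLE contacts;--",1 Elm St,Salem,OR,97301
Lee Wong,9 Oak Ave,Austin,Texas,73301
"""

INSERT_SQL = "INSERT INTO contacts VALUES (?,?,?,?,?)"  # one statement text, defined outside the loop

def validate(row):
    """Return an error string, or None if the row passes (hypothetical rules)."""
    if len(row) != 5 or not all(f.strip() for f in row):
        return "expected 5 non-empty fields"
    if not re.fullmatch(r"[A-Z]{2}", row[3]):
        return "state must be two capital letters"
    if not re.fullmatch(r"\d{5}", row[4]):
        return "zip must be five digits"
    return None

def import_rows(conn, text):
    """Validate each row, insert the good ones with bound values, return the rejects."""
    rejected = []
    reader = csv.reader(io.StringIO(text))
    next(reader)  # skip the header line
    for row in reader:
        err = validate(row)
        if err:
            rejected.append((row, err))  # an interactive program would re-prompt here
            continue
        conn.execute(INSERT_SQL, row)    # sqlite3 compiles the text once and caches it
    conn.commit()
    return rejected

def naive_insert(conn, row):
    """String-built form, for contrast: a quote in the data changes the SQL text."""
    sql = "INSERT INTO contacts VALUES ('%s','%s','%s','%s','%s')" % tuple(row)
    try:
        conn.execute(sql)
    except sqlite3.Error as exc:
        return str(exc)
    return None

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (name, street, city, state, zip)")
    rejected = import_rows(conn, SAMPLE_CSV)
    return conn, [r[0] for r in conn.execute("SELECT name FROM contacts ORDER BY rowid")], rejected
```

With bound values, both the apostrophe in `O'Brien` and the SQL-looking name are stored as plain data, while `naive_insert` fails on the same apostrophe because it becomes part of the statement.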